With the California Legislature in the final three weeks of its session, big tech companies and business lobbies have so far had little success in getting changes to the California Consumer Privacy Act. The landmark online privacy law – enacted in summer 2018 – takes effect Jan. 1, 2020.

The law parallels a sweeping measure adopted by the European Union that took effect in May 2018. It gives consumers the right to know who is collecting what data on them from their online browsing and provides them the choice of opting out from collection.

Defenders of the state law say the reason it has been targeted so vigorously is because tech firms know that California often influences what other states or even Congress does. These companies prefer the present anything-goes data accumulation landscape allowed under federal law. The Golden State law did appear to inspire 24 states to consider online privacy laws this year, according to Pew’s Stateline research site, though few have been enacted so far.

Critics: Flaws will hurt bottom lines, customers

But critics say they are going after the law because it is poorly crafted and could both drive companies out of business and reduce the ways that online information gathering actually helps consumers by connecting them to goods and services they are likely to want. Among the criticisms offered by the California Chamber of Commerce and the state chapter of the National Federation of Independent Business:

• The limits put on what “personal information” can be gathered are so broadly written that they apply to broad swaths of information that can’t be linked to individuals but that can help businesses develop marketing strategies.

• The provision banning businesses from the sale of information gathered online is so broad it will make it difficult for businesses to use information that it has gathered directly and legitimately from use of their websites to determine what customized content to provide customers.

Legislation that would address these concerns has not advanced. 

Local agencies fear effect on public health, tax collection

The Bay Area News Group also reported on the failure of a bill that would have allowed government agencies to have access to consumer information for a variety of priorities, including helping government officials “to collect child support, find people exposed to infectious diseases, locate foster children’s family members, determine social service eligibility, and collect delinquent taxes and judgments.”

One measure – Assembly Bill 25 by Assemblyman Ed Chau, D-Monterey Park – has made progress. It would make clear that the law doesn’t cover employees acting within the scope of their basic job duties. As a co-sponsor of the original law, Chau had more credibility than some of the lawmakers’ who appeared to be proposing changes at the tech industry’s behest.

AB25 passed the Assembly on a 77-0 vote in May and an amended version was approved by the Senate Judiciary Committee on an 8-0 vote last month. But it has not been considered by the Senate Appropriations Committee since its referral.

Dramatic late-session moves could resurrect some of the more controversial bills seeking to narrow the Consumer Privacy Act. But an official with the Electronic Frontier Foundation told the Bay Area News Group that come Jan. 1, the foundation expected that “the same bill [adopted last year] goes into effect.”

Why focus is likely to shift from Sacramento to Albany

The tech companies and lobbying groups could soon shift their attention from California, the richest state in terms of GDP, to New York, the third richest.

In 2020, lawmakers there are expected to consider perhaps the most far-reaching online privacy law in the world. One likely provision would make it a “fiduciary duty” for companies to use the data they accumulate in ways that advance the customer’s best interests. Depending on how this is interpreted, this could mean the end of the present model of micro-targeting of consumers through information gained from their online searches and activity – at least in New York state.

A cadre of First Amendment groups alleges that the subcommittee of the California Law Enforcement Telecommunications System (CLETS) also approves action that is then rubber stamped by the CLETS advisory committee (CAC) just hours later, again failing to properly announce what will be part of a discussion determined by law to be subject to advance disclosure.

The subcommittee, called the Standing Strategic Planning Subcommittee (SSPS), is, like CAC, composed of members of law enforcement associations and state agencies who form policy on justice matters in the state.

“Since at least July 2013, [CAC] and SSPS have scheduled their meetings on the same day. SSPS convenes in the morning and votes to make recommendations, then [CAC] meets in the afternoon and votes to finalize those recommendations,” reads a July 16 letter to the law enforcement telecom committee, signed by representatives of the Electronic Frontier Foundation, the ACLU, the First Amendment Coalition and Californians Aware. “This has resulted in a system in which the public has only a few hours to analyze decisions and formulate comment before these proposals are formally approved.”

The complaint was spurred by a plan to use the drivers’ license photo and other information of Californians with law enforcement agencies nationwide for use in facial recognition databases.

That idea was scrapped after the agency received 1,500 complaints earlier this year. But it was in the final stages of approval when it was discovered after being passed via the alleged breach of the open meetings law.

During a March meeting of the CAC, David Maass, an investigative researcher with the Electronic Frontier Foundation, told the board that he and others were concerned about the effort to allow federal access to state drivers license data.

According to the minutes of that meeting, in response to Maass’ comments, “SSPS Chair [Tom] Bruce stated that the SSPS makes no decisions on policies, practices and procedures and that the subcommittee’s role is strictly advisory.”

As is the role of the CLETS board, according to the DOJ website, which states that the board’s job is to “counsel and assist the Attorney General on the proper collection, storage, dissemination and security of CLETS data.”

The DOJ had already applied for a $50,000 grant to put drivers’ license data into a national database, despite the warning of the California Department of Motor Vehicles that the policy violated state privacy law.

The subcommittee did not meet for four years before being put back together in 2013 “so that there are proper eyes on the future and to deal with issues that are not generally reviewed by [CAC],” according a minutes from a July 2013 meeting.

At that time, the board was cautioned by chairman Sam Spiegel that “the subcommittee needs to abide by the 2004 Bagley-Keene Open Meeting Act, which requires public notice of meetings, agendas and an opportunity for the public to testify.”

Spiegel did not return a call.

In a joint meeting in November 2013 that was called to specify the goals of the freshly-revived subcommittee, board members noted that the sharing of drivers’ license photos nationally was not being done.

That meeting, though, launched the crusade to provide state drivers’ license photos to the feds. It was noted that the state was developing an “image warehouse” that will have facial capability.

At that time, subcommittee member Julie Basco, a representative from the state Department of Justice, said the federal law enforcement telecommunications system was seeking to include department of motor vehicle photos “though she is not aware of plans from [the feds] to create a national photo repository for DMV…”

The DOJ declined to make Basco available for an interview.

On Wednesday, the subcommittee is scheduled to meet at 9:00 a.m. followed by CAC at 1:00 p.m.

“COMPTON, Calif. – When sheriff’s deputies here noticed a burst of necklace snatchings from women walking through town, they turned to an unlikely source to help solve the crimes: a retired Air Force veteran named Ross McNutt.

“McNutt and his Ohio-based company, Persistent Surveillance Systems, persuaded the Los Angeles County Sheriff’s Department to use his surveillance technology to monitor Compton’s streets from the air and track suspects from the moment the snatching occurred.

“The system, known as wide-area surveillance, is something of a time machine – the entire city is filmed and recorded in real time. Imagine Google Earth with a rewind button and the ability to play back the movement of cars and people as they scurry about the city.

“’We literally watched all of Compton during the time that we were flying, so we could zoom in anywhere within the city of Compton and follow cars and see people,’ McNutt said. ‘Our goal was to basically jump to where reported crimes occurred and see what information we could generate that would help investigators solve the crimes.'”

A driver in L.A.? Consider yourself guilty by default

Officials’ appetite for knowing everything about everyone is hardly limited to what’s going on in Compton. This is what the Electronic Frontier Foundation reported on March 19:

“‘Do you drive a car in the greater Los Angeles Metropolitan area? According to the L.A. Police Department and L.A. Sheriff’s Department, your car is part of a vast criminal investigation.

“The agencies took a novel approach in the briefs they filed in EFF and the ACLU of Southern California’s California Public Records Act lawsuit seeking a week’s worth of Automatic License Plate Reader (ALPR) data. They have argued that ‘all [license plate] data is investigatory.’ The fact that it may never be associated with a specific crime doesn’t matter.

“This argument is completely counter to our criminal justice system, in which we assume law enforcement will not conduct an investigation unless there are some indicia of criminal activity. In fact, the Fourth Amendment was added to the U.S. Constitution exactly to prevent law enforcement from conducting mass, suspicionless investigations under ‘general warrants’ that targeted no specific person or place and never expired.

“ALPR systems operate in just this way. The cameras are not triggered by any suspicion of criminal wrongdoing; instead, they automatically and indiscriminately photograph all license plates (and cars) that come into view. This happens without an officer targeting a specific vehicle and without any level of criminal suspicion. The ALPR system immediately extracts the key data from the image — the plate number and time, date and location where it was captured — and runs that data against various hot lists. At the instant the plate is photographed not even the computer system itself — let alone the officer in the squad car — knows whether the plate is linked to criminal activity.

“Taken to an extreme, the agencies’ arguments would allow law enforcement to conduct around-the-clock surveillance on every aspect of our lives and store those records indefinitely on the off-chance they may aid in solving a crime at some previously undetermined date in the future. If the court accepts their arguments, the agencies would then be able to hide all this data from the public.”

Scary stuff. Remember Lord Acton, everyone: “All power tends to corrupt; absolute power corrupts absolutely.” To the extent that mass surveillance helps convey a sense of absolute power to those who see the vast information it provides, corruption related to government surveillance is likely to be a staple of our lives from now on.

Great, just great.